The present invention relates to a method, a system and devices for determining the authenticity of a user or a group of users of a communication terminal device.
Aside from conventional methods for authenticating persons by means of photographs and personal identification papers, methods for authenticating persons by means of biometric features are also known in the prior art. In these methods, measurable and recordable body features are registered as biometric keys and, at the time of authentication, compared with the respective body features of a person to be authenticated. Known examples of such biometric features include fingerprints, eye patterns, facial contours, or voice characteristics.
It is also known that a personal computer (PC) can be equipped with means, an external video camera among others, which make it possible for the PC to record in a learning process and to reuse at a later point in time for authentication purposes the face, respectively some facial features, of a user, the PC granting the user access to the PC only if it recognizes the facial features.
The combination of video sensors with communication terminal devices is known in the context of video telephony, which is also available in a mobile version where a video camera is connected to a mobile radio telephone.
A method is described in DE 39 43 097 A1 which transfers biometrically measurable data, such as an eye pattern or a fingerprint, as search criteria over communication networks, among others by means of a mobile telephone, for retrieving stored medical data. Essentially, in this method, an individual is identified by means of biometric features in order to access his medical data. However, it is not the intention of this method to verify the authenticity of this individual nor to ensure the authenticity and the non-deniable origin of the data exchanged over the communication network in this method.
It is the object of this invention to propose a new and improved method and system for determining the authenticity of a user or of a group of users of a communication terminal device.
According to the present invention, body features are stored in a secured way as biometric keys on a personal SIM-card and in that this SIM-card is inserted into a communication device by a user, said device determining current body features from the user, determining current biometric keys therefrom, and comparing these with the biometric keys stored on the card in order to authenticate the user. This has the advantage that a personal card can authenticate the user in different communication terminal devices without the user having to use passwords, which are often forgotten or may be entered unlawfully, and that a user who acquired the SIM-card improperly, for instance through theft or accidental finding, is not authenticated. An additional advantage is the fact that the SIM-card can be prepared for a user group in that biometric keys are stored therein for all users belonging to the group.
In order to prevent improper authentication, for instance through photographic imitation of body features, body movements are included in the biometric keys.
According to the invention, authentication of the user through the communication terminal device can be used to allow or refuse a user the usage of the communication terminal device in correspondence with the result of the authentication. According to the invention, the result of the authentication can also be transmitted in a wireless manner, particularly by a mobile communication terminal device, to an external secured device which, for its part, can permit or refuse the user access to its services or buildings.
According to the invention, the first recording of biometric keys is executed in a point of presence (POP) connected to a communication network. From there, they are transmitted in a secured manner via the communication network to a biometric server where they are stored in tables, at least one biometric key in a table being assigned to a corresponding user. Additions to and updating of biometric keys can also be executed in the POP. Moreover, with the present invention, it is possible to update biometric keys directly from the communication terminal device, provided that for the respective user there is already a plurality of biometric keys known at the biometric server.
In the present invention, for the authentication and for the transmission of biometric keys, security services are preferably used, for example Trusted Third Party (TTP) services, in order to ensure the confidentiality, authenticity, integrity and non-deniable origin of the data exchanged via a communication network as well as the authenticity of the sender of these data thereby exchanged.